-- Module BasicAccessControl (X.501:08/1997)
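BasicAccessControl {joint-iso-itu-t ds(5) module(1) basicAccessControl(24) 3}
DEFINITIONS ::=
BEGIN

-- EXPORTS All
-- The types and values defined in this module are exported for use in the other ASN.1 modules contained
-- within the Directory Specifications, and for the use of other applications which will use them to access
-- Directory services. Other applications may use them for their own purposes, but this will not constrain
-- extensions and modifications needed to maintain or improve the Directory service.

-- NOTE(review): the extracted listing had lost "DEFINITIONS ::= BEGIN", the
-- IMPORTS keyword and the symbol lists imported from DirectoryAbstractService
-- and UpperBounds. They are restored here because the module closes with END
-- and its types reference Filter and ub-tag. Check the header (including the
-- absence of a tag default) against the published X.501 text.
IMPORTS
  id-aca, id-acScheme, informationFramework, upperBounds,
    selectedAttributeTypes, directoryAbstractService
    FROM UsefulDefinitions {joint-iso-itu-t ds(5) module(1)
      usefulDefinitions(0) 3}
  ATTRIBUTE, AttributeType, DistinguishedName, ContextAssertion,
    SubtreeSpecification, SupportedAttributes, MATCHING-RULE,
    objectIdentifierMatch, Refinement
    FROM InformationFramework informationFramework
  Filter
    FROM DirectoryAbstractService directoryAbstractService
  ub-tag
    FROM UpperBounds upperBounds
  NameAndOptionalUID, directoryStringFirstComponentMatch, DirectoryString{}
    FROM SelectedAttributeTypes selectedAttributeTypes;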
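-- ACIItem: a single access control information item. It consists of an
-- identification tag, a precedence, an authentication level and the
-- permissions, which are listed either per protected item (alternative [0])
-- or per user class (alternative [1]).
-- Both SET OF lists are unconstrained in size, so an item carrying an empty
-- permission list is syntactically valid. Decide explicitly how such an item
-- is treated when ACI is loaded.
-- NOTE(review): the identifiers itemOrUserFirst, itemFirst and userFirst and
-- the final closing brace were missing from the extracted listing. They are
-- restored from the X.501 module and should be checked against the published
-- text.
ACIItem ::= SEQUENCE {
  identificationTag    DirectoryString{ub-tag},
  precedence           Precedence,
  authenticationLevel  AuthenticationLevel,
  itemOrUserFirst
    CHOICE {itemFirst
              [0]  SEQUENCE {protectedItems   ProtectedItems,
                             itemPermissions  SET OF ItemPermission},
            userFirst
              [1]  SEQUENCE {userClasses      UserClasses,
                             userPermissions  SET OF UserPermission}}
}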
-- Precedence: integer restricted to 0..255. It is carried by ACIItem and,
-- optionally, by each ItemPermission and UserPermission.
-- NOTE(review): this module only bounds the value. How precedence resolves
-- conflicting items (in X.501 the higher value is understood to prevail) is
-- defined by the access control decision procedure in the Recommendation
-- text. Confirm there before relying on it.
Precedence ::= INTEGER(0..255)
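-- ProtectedItems: selects what a permission applies to, i.e. the entry itself,
-- attribute types, attribute values, or restrictions on them.
-- Every component is OPTIONAL, so an empty SEQUENCE decodes successfully and
-- protects nothing. maxImmSub is an unconstrained INTEGER, so zero and
-- negative values are also accepted by a decoder. Validate both cases when
-- ACI is stored rather than at decision time.
-- NOTE(review): the identifiers attributeType, allAttributeValues,
-- attributeValue, selfValue, maxValueCount, restrictedBy and contexts and the
-- closing brace were missing from the extracted listing. They are restored
-- from the X.501 module and should be checked against the published text.
ProtectedItems ::= SEQUENCE {
  entry                           [0]  NULL OPTIONAL,
  allUserAttributeTypes           [1]  NULL OPTIONAL,
  attributeType
    [2]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
  allAttributeValues
    [3]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
  allUserAttributeTypesAndValues  [4]  NULL OPTIONAL,
  attributeValue
    [5]  SET SIZE (1..MAX) OF AttributeTypeAndValue OPTIONAL,
  selfValue
    [6]  SET SIZE (1..MAX) OF AttributeType OPTIONAL,
  rangeOfValues                   [7]  Filter OPTIONAL,
  maxValueCount
    [8]  SET SIZE (1..MAX) OF MaxValueCount OPTIONAL,
  maxImmSub                       [9]  INTEGER OPTIONAL,
  restrictedBy
    [10]  SET SIZE (1..MAX) OF RestrictedValue OPTIONAL,
  contexts
    [11]  SET SIZE (1..MAX) OF ContextAssertion OPTIONAL,
  classes                         [12]  Refinement OPTIONAL
}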
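-- MaxValueCount: pairs an attribute type with an integer count. It is the
-- element type of the [8] component of ProtectedItems.
-- NOTE(review): the maxCount component and the closing brace were missing from
-- the extracted listing and are restored from the X.501 module. Check them
-- against the published text. maxCount is an unconstrained INTEGER, so a
-- decoder accepts zero and negative counts. Range-check it when ACI is stored.
MaxValueCount ::= SEQUENCE {type      AttributeType,
                            maxCount  INTEGER
}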
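-- RestrictedValue: pairs an attribute type with a second attribute type named
-- valuesIn. It is the element type of the [10] component of ProtectedItems.
-- NOTE(review): the closing brace was missing from the extracted listing and
-- is restored here.
RestrictedValue ::= SEQUENCE {type      AttributeType,
                              valuesIn  AttributeType
}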
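-- UserClasses: selects the requestors a permission applies to, as any
-- combination of all users, the entry itself, named users, named groups and
-- subtrees.
-- Every component is OPTIONAL, so an empty SEQUENCE decodes successfully and
-- names nobody. allUsers is a bare NULL flag. What it covers, for example
-- whether unauthenticated requestors are included, follows from the X.501
-- text together with authenticationLevel, not from this syntax.
-- NOTE(review): the closing brace was missing from the extracted listing and
-- is restored here.
UserClasses ::= SEQUENCE {
  allUsers   [0]  NULL OPTIONAL,
  thisEntry  [1]  NULL OPTIONAL,
  name       [2]  SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
  userGroup  [3]  SET SIZE (1..MAX) OF NameAndOptionalUID OPTIONAL,
  -- dn component must be the name of an
  -- entry of GroupOfUniqueNames
  subtree    [4]  SET SIZE (1..MAX) OF SubtreeSpecification OPTIONAL
}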
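-- ItemPermission: element of the itemPermissions list of ACIItem. It names the
-- user classes and the grants and denials that apply to them for the protected
-- items given alongside that list.
-- NOTE(review): the closing brace was missing from the extracted listing and
-- is restored here.
ItemPermission ::= SEQUENCE {
  precedence        Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  userClasses       UserClasses,
  grantsAndDenials  GrantsAndDenials
}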
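-- UserPermission: element of the userPermissions list of ACIItem. It names the
-- protected items and the grants and denials that apply to them for the user
-- classes given alongside that list.
-- NOTE(review): the closing brace was missing from the extracted listing and
-- is restored here.
UserPermission ::= SEQUENCE {
  precedence        Precedence OPTIONAL,
  -- defaults to precedence in ACIItem
  protectedItems    ProtectedItems,
  grantsAndDenials  GrantsAndDenials
}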
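-- AuthenticationLevel: the authentication level carried by an ACIItem, given
-- either as one of the basic levels (none, simple, strong) with an optional
-- local qualifier and a signed flag, or as an externally defined value.
-- level none(0) is a legal value, so an item may be tied to unauthenticated
-- access. localQualifier is an unconstrained INTEGER. Presumably its meaning
-- is assigned locally, so verify how the deployment compares it.
-- NOTE(review): the identifier basicLevels, the alternative "other EXTERNAL"
-- and the closing brace were missing from the extracted listing. They are
-- restored from the X.501 module and should be checked against the published
-- text.
AuthenticationLevel ::= CHOICE {
  basicLevels
    SEQUENCE {level           ENUMERATED {none(0), simple(1), strong(2)},
              localQualifier  INTEGER OPTIONAL,
              signed          BOOLEAN DEFAULT FALSE},
  other        EXTERNAL
}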
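-- GrantsAndDenials: bit string in which each named bit grants or denies one
-- permission. Even bits grant and the following odd bit denies the same
-- permission.
-- The type does not stop a value from setting both the grant and the deny bit
-- of one permission, from setting bits above 25, or from combining a
-- permission with a ProtectedItems component that the group comments below
-- exclude. Those checks belong to the code that stores and evaluates ACI.
-- NOTE(review): denyRemove(7) and denyReturnDN(19) were missing from the
-- extracted listing. They are restored from the X.501 module, consistent with
-- the grant and deny pairing and the gaps at bits 7 and 19.
GrantsAndDenials ::= BIT STRING {
  -- permissions that may be used in conjunction
  -- with any component of ProtectedItems
  grantAdd(0), denyAdd(1), grantDiscloseOnError(2), denyDiscloseOnError(3),
  grantRead(4), denyRead(5), grantRemove(6),
  denyRemove(7),
  -- permissions that may be used only in conjunction
  -- with the entry component
  grantBrowse(8), denyBrowse(9), grantExport(10), denyExport(11),
  grantImport(12), denyImport(13), grantModify(14), denyModify(15),
  grantRename(16), denyRename(17), grantReturnDN(18),
  denyReturnDN(19),
  -- permissions that may be used in conjunction
  -- with any component, except entry, of ProtectedItems
  grantCompare(20), denyCompare(21), grantFilterMatch(22), denyFilterMatch(23),
  grantInvoke(24), denyInvoke(25)}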
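-- AttributeTypeAndValue: an attribute identifier together with one value. The
-- identifier must come from SupportedAttributes, and the {@type} constraint
-- ties the syntax of value to the attribute selected by type.
-- NOTE(review): the closing brace was missing from the extracted listing and
-- is restored here.
AttributeTypeAndValue ::= SEQUENCE {
  type   ATTRIBUTE.&id({SupportedAttributes}),
  value  ATTRIBUTE.&Type({SupportedAttributes}{@type})
}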
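-- accessControlScheme: operational attribute (USAGE directoryOperation) whose
-- value is the object identifier of the access control scheme in force.
-- Because this value selects how access decisions are made, the right to
-- modify it should be limited to access control administrators.
-- NOTE(review): "SINGLE VALUE TRUE" and the closing brace were missing from
-- the extracted listing. They are restored from the X.501 module and should be
-- checked against the published text.
accessControlScheme ATTRIBUTE ::= {
  WITH SYNTAX             OBJECT IDENTIFIER
  EQUALITY MATCHING RULE  objectIdentifierMatch
  SINGLE VALUE            TRUE
  USAGE                   directoryOperation
  ID                      id-aca-accessControlScheme
}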
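-- prescriptiveACI: operational attribute (USAGE directoryOperation) holding
-- ACIItem values. Equality uses directoryStringFirstComponentMatch, which
-- presumably compares on identificationTag, the first component of ACIItem.
-- Verify this against the matching rule definition.
-- Write access to this attribute amounts to control over access decisions, so
-- it should itself be protected by restrictive ACI.
-- NOTE(review): "WITH SYNTAX ACIItem" and the closing brace were missing from
-- the extracted listing. They are restored from the X.501 module and should be
-- checked against the published text.
prescriptiveACI ATTRIBUTE ::= {
  WITH SYNTAX             ACIItem
  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
  USAGE                   directoryOperation
  ID                      id-aca-prescriptiveACI
}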
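-- entryACI: operational attribute (USAGE directoryOperation) holding ACIItem
-- values, identified by id-aca-entryACI.
-- Write access to this attribute amounts to control over access decisions, so
-- it should itself be protected by restrictive ACI.
-- NOTE(review): "WITH SYNTAX ACIItem", the ID line and the closing brace were
-- missing from the extracted listing. They are restored from the X.501 module,
-- the ID matching the id-aca-entryACI assignment in this module. Check them
-- against the published text.
entryACI ATTRIBUTE ::= {
  WITH SYNTAX             ACIItem
  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
  USAGE                   directoryOperation
  ID                      id-aca-entryACI
}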
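-- subentryACI: operational attribute (USAGE directoryOperation) holding
-- ACIItem values, identified by id-aca-subentryACI.
-- Write access to this attribute amounts to control over access decisions, so
-- it should itself be protected by restrictive ACI.
-- NOTE(review): "WITH SYNTAX ACIItem" and the closing brace were missing from
-- the extracted listing. They are restored from the X.501 module and should be
-- checked against the published text.
subentryACI ATTRIBUTE ::= {
  WITH SYNTAX             ACIItem
  EQUALITY MATCHING RULE  directoryStringFirstComponentMatch
  USAGE                   directoryOperation
  ID                      id-aca-subentryACI
}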
-- object identifier assignments
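-- Object identifiers of the access control attributes, all allocated under
-- the id-aca arc imported from UsefulDefinitions.
-- NOTE(review): the value of id-aca-accessControlScheme was missing from the
-- extracted listing, leaving the assignment incomplete. {id-aca 1} is restored
-- from the X.501 module. Verify it against the published text.
id-aca-accessControlScheme OBJECT IDENTIFIER ::= {id-aca 1}

id-aca-prescriptiveACI OBJECT IDENTIFIER ::= {id-aca 4}

id-aca-entryACI OBJECT IDENTIFIER ::= {id-aca 5}

id-aca-subentryACI OBJECT IDENTIFIER ::= {id-aca 6}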
-- access control schemes -
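-- Object identifiers of the access control schemes, all allocated under the
-- id-acScheme arc imported from UsefulDefinitions. One of these values is what
-- the accessControlScheme attribute carries.
-- NOTE(review): the value of basicAccessControlScheme was missing from the
-- extracted listing, leaving the assignment incomplete. {id-acScheme 1} is
-- restored from the X.501 module. Verify it against the published text.
basicAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 1}

simplifiedAccessControlScheme OBJECT IDENTIFIER ::= {id-acScheme 2}

rule-based-access-control OBJECT IDENTIFIER ::= {id-acScheme 3}

rule-and-basic-access-control OBJECT IDENTIFIER ::= {id-acScheme 4}

rule-and-simple-access-control OBJECT IDENTIFIER ::= {id-acScheme 5}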
END -- BasicAccessControl
-- Generated by Asnp, the ASN.1 pretty-printer of France Telecom R&D